Skip to content

Instantly share code, notes, and snippets.

@abraithwaite

abraithwaite/global_syscalls.lua

Last active August 29, 2015 14:15
Show Gist options
  • Save abraithwaite/8e042514bfca36901c49 to your computer and use it in GitHub Desktop.
Save abraithwaite/8e042514bfca36901c49 to your computer and use it in GitHub Desktop.
Download ZIP
Counts syscalls for all processes
Raw
global_syscalls.lua
-- Chisel description
description = "counts how many times the specified system call has been called for every process"
short_description = "syscall count"
category = "misc"
args = {}
-- Initialization callback
function on_init()
-- Request the fileds that we need
ftype = chisel.request_field("evt.type")
fdir = chisel.request_field("evt.dir")
fname = chisel.request_field("proc.name")
return true
end
byproc = {}
count = 0
-- Event parsing callback
function on_event()
if evt.field(fdir) == ">" then
local n = evt.field(fname)
local e = evt.field(ftype)
if byproc[n] == nil then
if n == nil then
n = "ukn"
end
byproc[n] = {}
end
if byproc[n][e] == nil then
byproc[n][e] = 0
end
byproc[n][e] = byproc[n][e] + 1
end
return true
end
json = require("dkjson")
function on_capture_end()
local result = json.encode(byproc)
print(result)
end
Raw
output.json
{
"ViECaptureThrea": {
"write": 1,
"futex": 74,
"switch": 144
},
"IncomingVideoSt": {
"sendmsg": 56,
"recvmsg": 112,
"futex": 507,
"switch": 158
},
"alsa-source-ALC": {
"write": 939,
"switch": 1410,
"read": 476,
"ppoll": 1410,
"futex": 440,
"ioctl": 3764
},
"sysdig": {
"sysdigevent": 3,
"switch": 174
},
"caribou": {
"read": 1,
"recvmsg": 3,
"switch": 1,
"poll": 1
},
"ukn": {
"switch": 1
},
"webrtc_audio_mo": {
"writev": 237,
"write": 1706,
"poll": 474,
"munmap": 930,
"recvmsg": 711,
"switch": 1695,
"futex": 2668
},
"tracker-miner-f": {
"read": 1,
"switch": 1,
"lstat": 8,
"poll": 2
},
"Cache2": {
"close": 1,
"lseek": 1,
"write": 1,
"switch": 1,
"futex": 4,
"open": 1
},
"Analysis": {
"madvise": 60,
"futex": 29,
"switch": 15
},
"plugin-containe": {
"futex": 224,
"read": 91,
"sendto": 1,
"sendmsg": 91,
"recvfrom": 28,
"writev": 514,
"getsockopt": 14,
"select": 83,
"switch": 827,
"poll": 1350,
"recvmsg": 1728,
"write": 234,
"getrlimit": 694
},
"gnome-shell": {
"writev": 33,
"write": 13,
"switch": 75,
"read": 18,
"recvmsg": 383,
"poll": 118,
"ioctl": 66
},
"Gecko_IOThread": {
"futex": 25,
"write": 104,
"switch": 226,
"read": 109,
"recvmsg": 218,
"sendmsg": 109,
"epoll_wait": 218
},
"gnome-terminal-": {
"write": 58,
"read": 13,
"sendmsg": 2,
"writev": 7,
"fstat": 24,
"switch": 21,
"futex": 2,
"recvmsg": 62,
"poll": 41,
"fcntl": 24
},
"GoogleTalkPlugi": {
"lseek": 3,
"write": 62,
"read": 395,
"open": 2,
"getsockopt": 689,
"poll": 36,
"recvfrom": 890,
"gettid": 18,
"getrusage": 3,
"getsockname": 1,
"sendmsg": 36,
"sendto": 308,
"close": 3,
"futex": 214,
"select": 951,
"switch": 826,
"bind": 1,
"recvmsg": 77,
"ioctl": 72,
"socket": 1
},
"gmain": {
"write": 3,
"switch": 4,
"read": 3,
"poll": 4,
"inotify_add_watch": 1
},
"JS": {
"futex": 4,
"switch": 2
},
"nm-applet": {
"recvmsg": 3,
"switch": 1,
"poll": 1
},
"gnome-settings-": {
"recvmsg": 3,
"switch": 1,
"poll": 1
},
"mozStorage": {
"lseek": 4,
"write": 5,
"switch": 2,
"futex": 7,
"fcntl": 6
},
"firefox": {
"writev": 643,
"mmap": 2,
"futex": 518,
"poll": 3210,
"read": 588,
"recvmsg": 3152,
"write": 137,
"switch": 1110
},
"rtkit-daemon": {
"read": 1,
"switch": 2,
"write": 1,
"poll": 2
},
"Timer": {
"write": 449,
"futex": 1809,
"switch": 910
},
"owncloud": {
"read": 1,
"recvmsg": 3,
"switch": 1,
"poll": 1
},
"threaded-ml": {
"write": 5247,
"mmap": 931,
"read": 4068,
"open": 931,
"close": 931,
"fstat": 931,
"poll": 4066,
"sendto": 1617,
"recvmsg": 2619,
"switch": 3032,
"futex": 1714
},
"systemd-journal": {
"mmap": 85,
"read": 153,
"munmap": 85,
"clock_gettime": 17,
"open": 85,
"close": 85,
"fstat": 102,
"switch": 19,
"epoll_wait": 17,
"ftruncate": 17,
"readlinkat": 17
},
"alsa-sink-ALC32": {
"write": 203,
"switch": 2788,
"read": 285,
"ppoll": 2788,
"ioctl": 10041
},
"WebRtc_event_ti": {
"futex": 650,
"switch": 237
},
"Xorg": {
"futex": 2365,
"read": 894,
"ioctl": 6399,
"writev": 649,
"sigreturn": 157,
"select": 1266,
"switch": 1878,
"poll": 10,
"recvmsg": 2356,
"rt_sigprocmask": 2563,
"setitimer": 1858
},
"Trace": {
"futex": 18,
"switch": 9
},
"localStorage": {
"lseek": 4,
"write": 5,
"switch": 2,
"futex": 4,
"fcntl": 6
},
"tmux": {
"uname": 10,
"mmap": 8,
"read": 8,
"munmap": 8,
"ioctl": 16,
"close": 8,
"switch": 8,
"fstat": 8,
"poll": 8,
"writev": 1,
"stat": 12,
"open": 8,
"readlink": 8
},
"Chrome_ChildThr": {
"futex": 110,
"switch": 220,
"read": 109,
"recvmsg": 218,
"sendmsg": 109,
"epoll_wait": 218
},
"pulseaudio": {
"futex": 440,
"write": 6144,
"switch": 3150,
"read": 5655,
"sendto": 1619,
"recvmsg": 2002,
"ppoll": 3135
},
"DNS": {
"futex": 13,
"read": 12,
"munmap": 6,
"sendmmsg": 2,
"poll": 22,
"sendto": 14,
"mmap": 6,
"write": 5,
"recvfrom": 12,
"ioctl": 12,
"connect": 139,
"close": 31,
"open": 6,
"fstat": 6,
"switch": 19,
"bind": 6,
"recvmsg": 18,
"getsockname": 78,
"socket": 25
},
"at-spi2-registr": {
"writev": 2,
"write": 6,
"poll": 11,
"read": 4,
"recvmsg": 28,
"sendmsg": 2,
"switch": 5
},
"ProcessThread": {
"write": 157,
"futex": 3314,
"switch": 1662
},
"DecodingThread": {
"futex": 524,
"switch": 306
},
"dbus-daemon": {
"switch": 4,
"recvmsg": 8,
"sendmsg": 4,
"epoll_wait": 4
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment